cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1561039 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecurityt...
Date Fri, 24 Jan 2014 15:45:50 GMT
Author: coheigea
Date: Fri Jan 24 15:45:49 2014
New Revision: 1561039

URL: http://svn.apache.org/r1561039
Log:
Update following WSS4J change

Removed:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSPolicyException.java
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
Fri Jan 24 15:45:49 2014
@@ -53,6 +53,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.EffectivePolicy;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.WSSPolicyException;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -61,7 +62,6 @@ import org.apache.wss4j.dom.handler.WSHa
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
-import org.apache.wss4j.policy.WSSPolicyException;
 import org.apache.wss4j.policy.model.AlgorithmSuite;
 import org.apache.wss4j.policy.stax.OperationPolicy;
 import org.apache.wss4j.policy.stax.PolicyEnforcer;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Fri Jan 24 15:45:49 2014
@@ -801,10 +801,7 @@ public class WSS4JInInterceptor extends 
     private SoapFault 
     createSoapFault(SoapVersion version, WSSecurityException e) {
         SoapFault fault;
-        String errorMessage = WSS4JUtils.getSafeExceptionMessage(e);
-        if (errorMessage == null) {
-            errorMessage = e.getMessage();
-        }
+        String errorMessage = e.getSafeExceptionMessage();
         javax.xml.namespace.QName faultCode = e.getFaultCode();
         if (version.getVersion() == 1.1 && faultCode != null) {
             fault = new SoapFault(errorMessage, e, faultCode);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
Fri Jan 24 15:45:49 2014
@@ -45,11 +45,11 @@ import org.apache.cxf.ws.security.Securi
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.WSSPolicyException;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.policy.WSSPolicyException;
 import org.apache.wss4j.stax.ConfigurationConverter;
 import org.apache.wss4j.stax.WSSec;
 import org.apache.wss4j.stax.ext.InboundWSSec;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
Fri Jan 24 15:45:49 2014
@@ -40,9 +40,9 @@ import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.WSSPolicyException;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.policy.WSSPolicyException;
 import org.apache.wss4j.stax.ConfigurationConverter;
 import org.apache.wss4j.stax.WSSec;
 import org.apache.wss4j.stax.ext.OutboundWSSec;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
Fri Jan 24 15:45:49 2014
@@ -24,7 +24,6 @@ import java.security.Key;
 import java.util.Date;
 
 import javax.crypto.SecretKey;
-import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
@@ -41,8 +40,6 @@ import org.apache.cxf.ws.security.tokens
 import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.cache.ReplayCacheFactory;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -53,21 +50,6 @@ import org.apache.xml.security.exception
  */
 public final class WSS4JUtils {
     
-    // FAULT error messages
-    public static final String UNSUPPORTED_TOKEN_ERR = "An unsupported token was provided";
-    public static final String UNSUPPORTED_ALGORITHM_ERR = 
-        "An unsupported signature or encryption algorithm was used";
-    public static final String INVALID_SECURITY_ERR = 
-        "An error was discovered processing the <wsse:Security> header.";
-    public static final String INVALID_SECURITY_TOKEN_ERR = 
-        "An invalid security token was provided";
-    public static final String FAILED_AUTHENTICATION_ERR = 
-        "The security token could not be authenticated or authorized";
-    public static final String FAILED_CHECK_ERR = "The signature or decryption was invalid";
-    public static final String SECURITY_TOKEN_UNAVAILABLE_ERR = 
-        "Referenced security token could not be retrieved";
-    public static final String MESSAGE_EXPIRED_ERR = "The message has expired";
-
     private WSS4JUtils() {
         // complete
     }
@@ -231,40 +213,4 @@ public final class WSS4JUtils {
 
     }
 
-    /**
-     * Map a WSSecurityException FaultCode to a standard error String, so as not to leak
-     * internal configuration to an attacker.
-     */
-    public static String getSafeExceptionMessage(WSSecurityException ex) {
-        // Allow a Replay Attack message to be returned, otherwise it could be confusing
-        // for clients who don't understand the default caching functionality of WSS4J/CXF
-        if (ex.getMessage() != null && ex.getMessage().contains("replay attack"))
{
-            return ex.getMessage();
-        }
-        
-        String errorMessage = null;
-        QName faultCode = ex.getFaultCode();
-        if (WSConstants.UNSUPPORTED_SECURITY_TOKEN.equals(faultCode)) {
-            errorMessage = UNSUPPORTED_TOKEN_ERR;
-        } else if (WSConstants.UNSUPPORTED_ALGORITHM.equals(faultCode)) {
-            errorMessage = UNSUPPORTED_ALGORITHM_ERR;
-        } else if (WSConstants.INVALID_SECURITY.equals(faultCode)) {
-            errorMessage = INVALID_SECURITY_ERR;
-        } else if (WSConstants.INVALID_SECURITY_TOKEN.equals(faultCode)) {
-            errorMessage = INVALID_SECURITY_TOKEN_ERR;
-        } else if (WSConstants.FAILED_AUTHENTICATION.equals(faultCode)) {
-            errorMessage = FAILED_AUTHENTICATION_ERR;
-        } else if (WSConstants.FAILED_CHECK.equals(faultCode)) {
-            errorMessage = FAILED_CHECK_ERR;
-        } else if (WSConstants.SECURITY_TOKEN_UNAVAILABLE.equals(faultCode)) {
-            errorMessage = SECURITY_TOKEN_UNAVAILABLE_ERR;
-        } else if (WSConstants.MESSAGE_EXPIRED.equals(faultCode)) {
-            errorMessage = MESSAGE_EXPIRED_ERR;
-        } else {
-            // Default
-            errorMessage = INVALID_SECURITY_ERR;
-        }
-        return errorMessage;
-        
-    }
 }

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java
Fri Jan 24 15:45:49 2014
@@ -159,7 +159,7 @@ public class BinarySecurityTokenTest ext
             String message = fault.getMessage();
             assertTrue(message.contains("STS Authentication failed")
                 || message.contains("Validation of security token failed")
-                || message.contains("PolicyViolationException"));
+                || message.contains("The security token could not be authenticated or authorized"));
         }
         
         ((java.io.Closeable)asymmetricBSTPort).close();

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java?rev=1561039&r1=1561038&r2=1561039&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java
(original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java
Fri Jan 24 15:45:49 2014
@@ -158,7 +158,7 @@ public class UsernameTokenTest extends A
             String message = fault.getMessage();
             assertTrue(message.contains("STS Authentication failed")
                 || message.contains("Validation of security token failed")
-                || message.contains("PolicyViolationException"));
+                || message.contains("The security token could not be authenticated or authorized"));
         }
         
         ((java.io.Closeable)transportUTPort).close();



Mime
View raw message